CVE-2025-10391 is a Server-Side Request Forgery (SSRF) vulnerability identified in CRMEB versions up to 5.6.1, specifically within the function testOutUrl located in the file app/services/out/OutAccountServices.php. The vulnerability arises due to improper validation or sanitization of the push_token_url argument, which an attacker can manipulate to induce the server to make unauthorized HTTP requests to arbitrary URLs. This can allow attackers to access internal resources, bypass firewalls, or interact with services that are otherwise inaccessible externally. The vulnerability is remotely exploitable without requiring user interaction or authentication, increasing its risk profile. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the network attack vector, low complexity, no privileges or user interaction needed, but limited impact on confidentiality, integrity, and availability. The vendor was notified early but did not respond, and the exploit details have been publicly disclosed, raising the risk of exploitation despite no known active exploitation in the wild yet. The lack of an official patch or mitigation from the vendor further exacerbates the threat. SSRF vulnerabilities like this can be leveraged for reconnaissance, pivoting within internal networks, or accessing sensitive metadata services, especially in cloud environments where internal endpoints often expose critical information. Given CRMEB is a CRM platform, attackers could leverage SSRF to gather internal network information or exploit other internal services, potentially leading to further compromise.

For European organizations using CRMEB versions 5.6.0 or 5.6.1, this SSRF vulnerability poses a significant risk. Exploitation could allow attackers to access internal systems or services behind firewalls, potentially exposing sensitive customer data or internal APIs. This could lead to data breaches, unauthorized access to internal resources, or lateral movement within corporate networks. Given the CRM nature of the product, the confidentiality of customer relationship data is at risk, which can have regulatory implications under GDPR. Additionally, SSRF can be a stepping stone for more complex attacks, including cloud metadata service exploitation or internal service manipulation, which could impact availability or integrity of services. The medium CVSS score reflects limited direct impact but does not fully capture the potential for chained attacks or data exposure. The lack of vendor response and patch increases the urgency for European organizations to implement compensating controls. Organizations in sectors with strict data protection requirements or those heavily reliant on CRMEB for customer data management are particularly vulnerable to reputational and compliance risks.

Since no official patch or vendor response is available, European organizations should implement the following mitigations: 1) Apply strict input validation and sanitization on the push_token_url parameter at the application or web server level to block malicious URLs, especially internal IP ranges and localhost addresses. 2) Employ network-level controls such as egress filtering and firewall rules to restrict outbound HTTP requests from the CRMEB server to only trusted destinations, preventing SSRF exploitation from reaching internal services. 3) Use web application firewalls (WAFs) with custom rules to detect and block suspicious SSRF patterns targeting the vulnerable function. 4) Monitor logs for unusual outbound requests originating from the CRMEB server, focusing on unexpected internal or external destinations. 5) Consider isolating the CRMEB application in a segmented network zone with limited access to sensitive internal resources. 6) If possible, upgrade to a later version of CRMEB once a patch is released or consider alternative CRM solutions until the vulnerability is addressed. 7) Conduct internal penetration testing and vulnerability scanning to identify any exploitation attempts or related weaknesses. These targeted mitigations go beyond generic advice by focusing on network segmentation, input filtering, and monitoring specific to the SSRF vector in CRMEB.